Use credentials for kerberos auth

robsdedude · robsdedude · commit 4c3af90d1b1e · 2021-09-28T13:58:25.000+02:00
diff --git a/neo4j/api.py b/neo4j/api.py
@@ -63,21 +63,20 @@
 class Auth:
     """ Container for auth details.
 
-    :param scheme: specifies the type of authentication, examples: "basic", "kerberos"
+    :param scheme: specifies the type of authentication, examples: "basic",
+                   "kerberos"
     :type scheme: str
     :param principal: specifies who is being authenticated
     :type principal: str or None
     :param credentials: authenticates the principal
     :type credentials: str or None
     :param realm: specifies the authentication provider
     :type realm: str or None
-    :param parameters: extra key word parameters passed along to the authentication provider
+    :param parameters: extra key word parameters passed along to the
+                       authentication provider
     :type parameters: Dict[str, Any]
     """
 
-    # TODO in 5.0: change signature to
-    #     def __init__(self, scheme, principal=None, credentials=None,
-    #                  ticket=None, realm=None, **parameters):
     def __init__(self, scheme, principal, credentials, realm=None, **parameters):
         self.scheme = scheme
         # Neo4j servers pre 4.4 require the principal field to always be
@@ -86,12 +85,6 @@ def __init__(self, scheme, principal, credentials, realm=None, **parameters):
             self.principal = principal
         if credentials:
             self.credentials = credentials
-        # TODO in 5.0: add ticket
-        # :param ticket: alternative to authenticate the principal (depends on
-        #                scheme)
-        # :type ticket: str or None
-        # if ticket is not None:
-        #     self.ticket = ticket
         if realm:
             self.realm = realm
         if parameters:
@@ -107,9 +100,12 @@ def basic_auth(user, password, realm=None):
 
     This will set the scheme to "basic" for the auth token.
 
-    :param user: user name, this will set the principal
+    :param user: user name, this will set the
+    :type user: stro
     :param password: current password, this will set the credentials
+    :type password: stro
     :param realm: specifies the authentication provider
+    :type realm: str or None
 
     :return: auth token for use with :meth:`GraphDatabase.driver`
     :rtype: :class:`neo4j.Auth`
@@ -122,15 +118,14 @@ def kerberos_auth(base64_encoded_ticket):
 
     This will set the scheme to "kerberos" for the auth token.
 
-    :param base64_encoded_ticket: a base64 encoded service ticket, this will set the credentials
+    :param base64_encoded_ticket: a base64 encoded service ticket, this will set
+                                  the credentials
+    :type base64_encoded_ticket: str
 
     :return: auth token for use with :meth:`GraphDatabase.driver`
     :rtype: :class:`neo4j.Auth`
     """
-    token = Auth("kerberos", "", None)
-    # token field is not supported by any other auth scheme. So we inject it.
-    token.ticket = base64_encoded_ticket
-    return token
+    return Auth("kerberos", "", base64_encoded_ticket)
 
 
 def bearer_auth(base64_encoded_token):
@@ -140,6 +135,7 @@ def bearer_auth(base64_encoded_token):
 
     :param base64_encoded_token: a base64 encoded authentication token generated
                                  by a Single-Sign-On provider.
+    :type base64_encoded_token: str
 
     :return: auth token for use with :meth:`GraphDatabase.driver`
     :rtype: :class:`neo4j.Auth`
@@ -151,25 +147,22 @@ def custom_auth(principal, credentials, realm, scheme, **parameters):
     """ Generate a custom auth token.
 
     :param principal: specifies who is being authenticated
+    :type principal: str or None
     :param credentials: authenticates the principal
+    :type credentials: str or None
     :param realm: specifies the authentication provider
+    :type realm: str or None
     :param scheme: specifies the type of authentication
-    :param parameters: extra key word parameters passed along to the authentication provider
+    :type scheme: str or None
+    :param parameters: extra key word parameters passed along to the
+                       authentication provider
+    :type parameters: Dict[str, Any]
 
     :return: auth token for use with :meth:`GraphDatabase.driver`
     :rtype: :class:`neo4j.Auth`
     """
     return Auth(scheme, principal, credentials, realm, **parameters)
 
-# TODO in 5.0: alter custom_auth to
-# def custom_auth(principal, credentials, ticket, realm, scheme, **parameters):
-#     """...
-#     :param ticket: alternative to authenticate the principal (depends on
-#                    scheme)
-#     ..."""
-#     return Auth(scheme, principal=principal, credentials=credentials,
-#                 ticket=ticket, realm=realm, **parameter
-
 
 class Bookmark:
     """A Bookmark object contains an immutable list of bookmark string values.
diff --git a/testkitbackend/requests.py b/testkitbackend/requests.py
@@ -61,7 +61,7 @@ def NewDriver(backend, data):
             realm=auth_token.get("realm", None)
         )
     elif scheme == "kerberos":
-        auth = neo4j.kerberos_auth(auth_token["ticket"])
+        auth = neo4j.kerberos_auth(auth_token["credentials"])
     elif scheme == "bearer":
         auth = neo4j.bearer_auth(auth_token["credentials"])
     else:

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ def NewDriver(backend, data):`
`61`	`61`	`realm=auth_token.get("realm", None)`
`62`	`62`	`)`
`63`	`63`	`elif scheme == "kerberos":`
`64`		`- auth = neo4j.kerberos_auth(auth_token["ticket"])`
	`64`	`+ auth = neo4j.kerberos_auth(auth_token["credentials"])`
`65`	`65`	`elif scheme == "bearer":`
`66`	`66`	`auth = neo4j.bearer_auth(auth_token["credentials"])`
`67`	`67`	`else:`